[Snort-devel] RE: [Snort-users] Possible Queso Fingerprint attempt?

Gregor Binder gbinder at ...462...
Fri Mar 16 07:30:22 EST 2001

Ookhoi on Fri, Mar 16, 2001 at 12:41:21PM +0100:


> I have to correct you on this one. Ecn is not enabled by default. You
> have to download the kernel yourself, untar it, set ecn from the default
> No to Yes, compile it, install it and reboot your computer with it.

sorry, I do not run a 2.4 myself, the FAQ I was quoting from made me
me think that it's enabled by default.

> You can't blame us for enabling ecn, or linux for supporting ecn. We
> blame the dumbass provider which installed snort and don't know a thing
> about it.

I'd have to agree with you on the braindead NIDS admin issue .. :) But
again I have to say what does it help YOU as a 2.4 user if it's not your
fault but you're the one suffering from it? Is finding someone else to
blame good enough for you?

If it's not enabled by default, we could as well forget this point
though. :)

> Less secure? I can't see why. And ecn was in 2.4 before it was declared
> stable, so imnsho it is implemented in a proper way.

I guess I was unclear on that last statement - what I meant to say was:

By forcing vendors to QUICKLY release patches to make things work again
for everybody, and I would consider this patching a very critical part
of those systems, I fear those patches could lack quality and thus
POSSIBLY impact security. I wasn't referring to ECN or Linux in this
case, but all those broken implementations. And I disagree with the FAQ
that a bugfix can't impact security. Without knowing a particular
implementation, you can never say that a bugfix can't introduce new

It's just like I don't like to see this "time to market"-type of
pressure being the driving factor for product development very much.


Gregor Binder       <gregor.binder at ...462...>      http://sysfive.com/
sysfive.com GmbH               UNIX. Networking. Security. Applications.
PGP id: 0x20C6DA55 fp: 18AB 2DD0 F8FA D710 1EDC A97A B128 01C0 20C6 DA55

More information about the Snort-users mailing list